@tapanpandita
Created May 11, 2012 12:11
Serving password protected files from Nginx

Serving protected files from Nginx with Django

Overview

Has this ever happened to you?

[Image: Nginx directory listing]

If you are reading this, I am guessing it has. Oh, the horror! Remember when your boss called you into his office and showed you this page? Remember the shame? So you set autoindex off and went back to your desk with a smug face. That was easy. But alas, your plans for world domination were still available to the world at http://yoursite.com/static/plans_for_world_domination.doc . You hung your head in shame, resigned to serving your static content from your WSGI server.

Look up, my friend, this post is for you! You can keep your plans for world domination safe and still serve them at blazing fast speeds with a little Nginx trick called X-Accel-Redirect. It allows Nginx to serve a file only when your application asks it to: all your application needs to do is add an "X-Accel-Redirect" header to the response, and Nginx then serves the named file itself. I am assuming that you are using Nginx as a reverse proxy for your WSGI server. If you are not, then you should! Let's look at the configuration.

The Code

First, open up your nginx config in your favourite text editor (vim). You can typically locate it in /etc/nginx/sites-enabled/. Add the following config lines to it.

### Nginx Config

# URL prefix you would like to serve the files from; a prefix location is used
# because "alias" inside a regex location only works with captures
location /protected-dir/ {
    alias /path/to/password-protected/dir/;  # path to the directory containing the protected files
    internal;  # prevents clients from requesting this URI directly; only internal redirects reach it
}

This is a sample view that uses X-Accel-Redirect. The important part is the "X-Accel-Redirect" header in the response. Its value must be a valid URI under the internal location above, pointing to the file to be served relative to the directory aliased in the Nginx config; Nginx intercepts the header and serves that file instead of the application's response body.

### views.py

from django.contrib.auth.decorators import login_required
from django.http import HttpResponse

# ensures that only authorised people can access the files
@login_required
def protected_view(request, relative_filepath):
    # relative_filepath is the file's path below the aliased directory,
    # captured from the URL pattern that routes to this view
    pdf_name = relative_filepath.rsplit('/', 1)[-1].rsplit('.', 1)[0]
    response = HttpResponse()
    response['Content-Type'] = 'application/pdf'
    response['Content-Disposition'] = 'attachment; filename=%s.pdf' % (pdf_name, )
    # Nginx intercepts this header and serves the file from the internal location
    response['X-Accel-Redirect'] = '/protected-dir/%s' % (relative_filepath, )
    return response

And that's it! You can share your plans for world domination only within your cult. Or serve sensitive customer information with authorisation.
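Since relative_filepath comes from the request, it should be checked to stay below the aliased directory before it is placed in the header. The following is an added example, not code from the gist: framework-free Python that builds the header values the view sets; the /protected-dir/ prefix is the one from the config above, and the function names are hypothetical.

```python
import posixpath

# Assumed: the internal location prefix from the Nginx config above.
PROTECTED_URI_PREFIX = "/protected-dir/"


def accel_redirect_uri(relative_filepath, prefix=PROTECTED_URI_PREFIX):
    """Build the X-Accel-Redirect value for a file below the aliased directory.

    The relative path is client-supplied, so it is normalised and checked
    before being joined to the internal prefix. Returns None when the path
    would resolve outside the protected directory.
    """
    if not relative_filepath or relative_filepath.startswith("/"):
        return None
    if "\x00" in relative_filepath or "\\" in relative_filepath:
        return None
    # Collapse "a/./b" and "a/x/../b"; a leading "../" survives normpath
    # and is rejected by the component check below.
    normalised = posixpath.normpath(relative_filepath)
    parts = normalised.split("/")
    if any(part in ("", ".", "..") for part in parts):
        return None
    return prefix + normalised


def protected_file_headers(relative_filepath, content_type="application/pdf"):
    """Headers the Django view sets, or None if the request is rejected.

    Mirrors the view on the page: the application only emits headers and
    Nginx serves the bytes from the internal location.
    """
    uri = accel_redirect_uri(relative_filepath)
    if uri is None:
        return None
    filename = posixpath.basename(uri)
    return {
        "Content-Type": content_type,
        "Content-Disposition": 'attachment; filename="%s"' % filename,
        "X-Accel-Redirect": uri,
    }
```

In the Django view, a None result maps to an HTTP 404 or 403 response rather than an X-Accel-Redirect header.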

Conclusion

In general, it is a good idea to serve your static files from a server like Nginx, which excels at it, rather than burden your application server with them. X-Accel-Redirect lets you use the power of Nginx while still enforcing your authorisation requirements in the application. You can read more about this at http://wiki.nginx.org/XSendfile and http://wiki.nginx.org/X-accel . This is also a good guide for managing your static files in Django: https://docs.djangoproject.com/en/dev/howto/static-files/ .
